CVE-2017-5630

2017-02-01T23:59:00
ID CVE-2017-5630
Type cve
Reporter cve@mitre.org
Modified 2020-01-23T18:23:00

Description

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.